From 255fb0fcac3626ad6d8c157382ea650eee143376 Mon Sep 17 00:00:00 2001 From: Adrian Riobo Lorenzo Date: Thu, 14 Sep 2023 11:00:40 +0200 Subject: [PATCH] chore: tasks uses workspaces for secrets and optional credentials --- tkn/infra-management-aws.yaml | 65 +++++++++++++-------------------- tkn/infra-management-azure.yaml | 40 +++++++++----------- 2 files changed, 44 insertions(+), 61 deletions(-) diff --git a/tkn/infra-management-aws.yaml b/tkn/infra-management-aws.yaml index bfd989e84..691c10e88 100644 --- a/tkn/infra-management-aws.yaml +++ b/tkn/infra-management-aws.yaml @@ -4,7 +4,7 @@ kind: Task metadata: name: infra-management-aws labels: - app.kubernetes.io/version: "0.0.4" + app.kubernetes.io/version: "0.0.5-dev" annotations: tekton.dev/pipelines.minVersion: "0.24.x" tekton.dev/categories: infrastructure 
@@ -16,44 +16,22 @@ spec: This task will provision / decomission multiple environments on public cloud The output will give required information to connect within the remote provisioned host - - workspaces: - - name: pipelines-data - + params: - name: project-name description: identifier for project. + - name: requestedHostID description: | this is the ID for the supported host. - Current values: * ol-rhel * g-macos-m1 * s-snc * ol-fedora - - name: operation description: operation to execute within the infrastructure. Current values (create, destroy) - - name: aws-credentials-secret - description: | - ocp secret holding the aws credentials. Secret should be accessible to this task. - - To be a valid secret it should contains the following fields: - * tenant_id - * subscription_id - * client_id - * client_secret - - # RHEL Params - - name: rh-account-secret - description: | - ocp secret holding the credentials for a valid rh user to subscribe VM. Secret should be accessible to this task. - - To be a valid secret it should contains the following fields: - * user - * password - default: '' + # Fedora Params - name: fedora-version description: in case requestedHostID set to ol-fedora this param will control the major fedora version (i.e 37, 38,...) @@ -81,7 +59,8 @@ spec: steps: - name: provisioner - image: quay.io/rhqp/qenvs:v0.0.4 + image: quay.io/rhqp/qenvs:v0.0.5-dev + imagePullPolicy: Always script: | #!/bin/sh @@ -135,12 +114,6 @@ spec: exit 1 fi - volumeMounts: - - mountPath: /opt/aws-credentials/ - name: aws-credentials - - mountPath: /opt/rh-account-secret/ - name: rh-account-secret - resources: requests: memory: "200Mi" 
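Review bot: The provisioner step in the `@@ -81,7 +59,8 @@` hunk now runs `quay.io/rhqp/qenvs:v0.0.5-dev` with `imagePullPolicy: Always`, so whatever is currently pushed to that mutable `-dev` tag is pulled on every run into a step that has the cloud credentials mounted. Pinning by digest, `image: quay.io/rhqp/qenvs:v0.0.5-dev@sha256:<digest-of-reviewed-build>`, keeps the tag readable while making the content immutable, and the pull policy line can then be dropped. The same two lines appear in the `@@ -61,14 +48,10 @@` hunk of `tkn/infra-management-azure.yaml`. The step's script continues outside the hunk.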
@@ -149,13 +122,27 @@ spec: memory: "400Mi" cpu: "200m" - volumes: + workspaces: + - name: pipelines-data + description: volume to store outputs to connect within the target machine + state file for the infrastructure - name: aws-credentials - secret: - secretName: $(params.aws-credentials-secret) + description: | + ocp secret holding the aws credentials. Secret should be accessible to this task. + + To be a valid secret it should contains the following fields: + * tenant_id + * subscription_id + * client_id + * client_secret + mountPath: /opt/aws-credentials - name: rh-account-secret - secret: - secretName: $(params.rh-account-secret) - optional: true + description: | + ocp secret holding the credentials for a valid rh user to subscribe VM. Secret should be accessible to this task. + + To be a valid secret it should contains the following fields: + * user + * password + optional: true + mountPath: /opt/rh-account-secret \ No newline at end of file diff --git a/tkn/infra-management-azure.yaml b/tkn/infra-management-azure.yaml index ee60ad4e8..0fd5406fc 100644 --- a/tkn/infra-management-azure.yaml +++ b/tkn/infra-management-azure.yaml @@ -4,7 +4,7 @@ kind: Task metadata: name: infra-management-azure labels: - app.kubernetes.io/version: "0.0.4" + app.kubernetes.io/version: "0.0.5-dev" annotations: tekton.dev/pipelines.minVersion: "0.24.x" tekton.dev/categories: infrastructure 
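Review bot: The `aws-credentials` and `rh-account-secret` workspaces added in the `@@ -149,13 +122,27 @@` hunk are declared without `readOnly: true`, so the Task does not state that the step only reads them, and a run that binds something other than a Secret gets a writable mount. Adding `readOnly: true` under each credential workspace documents and enforces that intent. The `aws-credentials` description also lists `tenant_id`, `subscription_id`, `client_id` and `client_secret`, which is the same field list the Azure task uses. It should instead name the keys the script actually reads from `/opt/aws-credentials`; that script is not visible in this hunk. The `az-credentials` workspace in the last hunk of `tkn/infra-management-azure.yaml` has the same missing `readOnly`.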
@@ -17,25 +17,12 @@ spec: The output will give required information to connect within the remote provisioned host - workspaces: - - name: pipelines-data - params: - name: project-name description: identifier for project. - name: operation description: operation to execute within the infrastructure. Current values (create, destroy) - default: create - - name: credentials-secret - description: | - ocp secret holding the azure credentials. Secret should be accessible to this task. - - To be a valid secret it should contains the following fields: - * tenant_id - * subscription_id - * client_id - * client_secret - + default: create - name: windows-featurepack description: windows feature pack (default "22h2-pro") default: 22h2-pro @@ -61,14 +48,10 @@ spec: - name: key-filename description: filename for the private key. The key is located at workspace-resources-path - volumes: - - name: credentials - secret: - secretName: $(params.credentials-secret) - steps: - name: provisioner - image: quay.io/rhqp/qenvs:v0.0.4 + image: quay.io/rhqp/qenvs:v0.0.5-dev + imagePullPolicy: Always volumeMounts: - mountPath: /opt/credentials/ name: credentials @@ -124,5 +107,18 @@ spec: limits: memory: "400Mi" cpu: "200m" - + + workspaces: + - name: pipelines-data + description: volume to store outputs to connect within the target machine + state file for the infrastructure + - name: az-credentials + description: | + ocp secret holding the azure credentials. Secret should be accessible to this task. + + To be a valid secret it should contains the following fields: + * tenant_id + * subscription_id + * client_id + * client_secret + mountPath: /opt/credentials \ No newline at end of file
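Review bot: In the `@@ -61,14 +48,10 @@` hunk the `volumes:` entry named `credentials` is removed, but the step's `volumeMounts:` block (`mountPath: /opt/credentials/`, `name: credentials`) stays as context, so the step now references a volume the Task no longer defines. The AWS task drops its `volumeMounts` in this same commit. Here the three `volumeMounts` lines should go too, because the `az-credentials` workspace added at the end of the file already mounts at `/opt/credentials`. As written the pod would most likely be rejected for the unknown volume name, and if a volume of that name were re-added, two mounts would target the same path. The step definition continues past the end of the hunk.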